r4970: Fix for bug 2092, allowing fallback after kerberos and allow
authorJeremy Allison <jra@samba.org>
Mon, 24 Jan 2005 20:21:15 +0000 (20:21 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:55:10 +0000 (10:55 -0500)
gnome vfs to prevent auto-anonymous logon.
Jeremy.

source/include/client.h
source/include/libsmbclient.h
source/libsmb/cliconnect.c
source/libsmb/libsmbclient.c

index c182544362ff6e17b18a6a46eb6015a00d974488..8ae8faf90dc9961535c48412385ed7e27cb7a112 100644 (file)
@@ -144,6 +144,7 @@ struct cli_state {
        uint16 max_recv_frag;
 
        BOOL use_kerberos;
+       BOOL fallback_after_kerberos;
        BOOL use_spnego;
 
        BOOL use_oplocks; /* should we use oplocks? */
index aaa19cb191b09a25834caa19be49f258d7b1dae3..efb04285a7fdfef9b38ab3a37db1ba28970b7a13 100644 (file)
@@ -455,9 +455,15 @@ struct _SMBCCTX {
         * do _NOT_ touch this from your program !
         */
        struct smbc_internal_data * internal;
+
+       int flags;
        
 };
 
+/* Flags for SMBCCTX->flags */
+#define SMB_CTX_FLAG_USE_KERBEROS (1 << 0)
+#define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1)
+#define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2) /* don't try to do automatic anon login */
 
 /**@ingroup misc
  * Create a new SBMCCTX (a context).
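Review bot: The three new flag macros use two different prefixes, `SMB_CTX_FLAG_` for the Kerberos pair and `SMBCCTX_FLAG_` for the anonymous-logon one, and because this is the public libsmbclient header the spelling becomes API once it ships; pick one prefix for all three. Only the third flag carries a comment. I would add `/* try Kerberos for session setup */` and `/* if Kerberos fails, retry with NTLMSSP (permits an authentication downgrade) */` to the first two, so a caller can see what setting the fallback bit allows. The new `int flags` member is also undocumented, and whether context creation zeroes it is not visible in this hunk.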
index 659e12429222ab6d72eae47c219d7fd50dbf1b5e..bffe9dfe8a0b5db3506e904a1077d087db43caff 100644 (file)
@@ -757,13 +757,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        if (ret){
                                SAFE_FREE(principal);
                                DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
+                               if (cli->fallback_after_kerberos)
+                                       goto ntlmssp;
                                return ADS_ERROR_KRB5(ret);
                        }
                }
                
                rc = cli_session_setup_kerberos(cli, principal, domain);
-               SAFE_FREE(principal);
-               return rc;
+               if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+                       SAFE_FREE(principal);
+                       return rc;
+               }
        }
 #endif
 
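Review bot: When `cli_session_setup_kerberos()` fails and `fallback_after_kerberos` is set, control leaves the new `if` without any log message, so the switch from Kerberos to NTLMSSP is invisible in the logs, whereas the kinit failure path above does log before its `goto ntlmssp`. Anything that makes Kerberos fail now leads to NTLMSSP authentication being attempted instead, so I would record it right after the new `if` block, for example `DEBUG(3, ("Kerberos session setup failed, falling back to NTLMSSP\n"));`. On that same path `principal` is not freed within the hunk. The function continues past the hunk, so confirm that it is released on the fall-through path.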
index df9c4ddcadcd8866df60fc473c8028124f295a68..8eeadc8a7831996153b6adc995fff38b08209825 100644 (file)
@@ -584,6 +584,13 @@ SMBCSRV *smbc_server(SMBCCTX *context,
                return NULL;
        }
 
+       if (context->flags & SMB_CTX_FLAG_USE_KERBEROS) {
+               c.use_kerberos = True;
+       }
+       if (context->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) {
+               c.fallback_after_kerberos = True;
+       }
+
        c.timeout = context->timeout;
 
         /* Force use of port 139 for first try, so browse lists can work */
@@ -648,8 +655,9 @@ SMBCSRV *smbc_server(SMBCCTX *context,
                               password, strlen(password),
                               password, strlen(password),
                               workgroup) &&
-           /* try an anonymous login if it failed */
-           !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
+                       /* Try an anonymous login if it failed and this was allowed by flags. */
+                       ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
+                       !cli_session_setup(&c, "", "", 1,"", 0, workgroup))) {
                cli_shutdown(&c);
                errno = EPERM;
                return NULL;
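Review bot: The automatic anonymous retry remains the default, so only callers that set `SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON` get a failure when the supplied credentials are rejected; as far as this hunk shows, every other application still ends up with an anonymous session without being told. That may be the right compatibility choice, but it should be stated where callers will read it, e.g. next to the flag in libsmbclient.h: `/* without this flag, rejected credentials are silently retried as an anonymous logon */`. The new continuation lines are also indented deeper than the rest of the condition, which hides the `&&`/`||` grouping; aligning them with the preceding operand would make the short-circuit order easier to check. The start of the `if` is outside the hunk.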